SHA256: 7d9158cd20cf674faba3a36d61238ed2e211ac56edec9d716308759c339dc03c
File name: facebook-pic000934519.exe
Detection ratio: 53 / 67
Analysis date: 2017-10-23 16:03:52 UTC ( 1 year, 7 months ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.5506451 20171023
AegisLab W32.W.Yahos.ps!c 20171023
AhnLab-V3 Worm/Win32.Yahos.R2919 20171023
ALYac Trojan.Generic.5506451 20171023
Antiy-AVL Worm[IM]/Win32.Yahos 20171023
Arcabit Trojan.Generic.D540593 20171023
Avast Win32:Downloader-TZW [Trj] 20171023
AVG Win32:Downloader-TZW [Trj] 20171023
Avira (no cloud) WORM/Yahos.PS 20171023
AVware Trojan.Win32.Generic.pak!cobra 20171023
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9851 20171023
BitDefender Trojan.Generic.5506451 20171023
CAT-QuickHeal Worm.Yahos.A5 20171020
Comodo P2PWorm.Win32.Palevo.GZA 20171023
Cylance Unsafe 20171023
DrWeb Win32.HLLW.Siggen.1597 20171023
eGambit malicious_confidence_68% 20171023
Emsisoft Trojan.Generic.5506451 (B) 20171023
Endgame malicious (moderate confidence) 20171016
ESET-NOD32 IRC/SdBot 20171023
F-Secure Trojan.Generic.5506451 20171020
GData Trojan.Generic.5506451 20171023
Ikarus Backdoor.Win32.Ircbrute 20171023
Sophos ML heuristic 20170914
Jiangmin Worm/Yahos.gt 20171023
K7AntiVirus Riskware ( 0015e4f01 ) 20171023
K7GW Riskware ( 0015e4f01 ) 20171023
Kaspersky HEUR:Trojan.Win32.Generic 20171023
Malwarebytes Backdoor.Bot 20171023
MAX malware (ai score=85) 20171023
McAfee Artemis!4DFF8349A716 20171023
McAfee-GW-Edition BehavesLike.Win32.Skintrim.ch 20171023
eScan Trojan.Generic.5506451 20171023
NANO-Antivirus Trojan.Win32.TrjGen.edoyez 20171023
nProtect Worm/W32.Yahos.102400 20171023
Palo Alto Networks (Known Signatures) generic.ml 20171023
Panda Generic Malware 20171023
Qihoo-360 Win32/Trojan.e6d 20171023
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazqxOlrxvDrKXDbmwX9xrUiv) 20171023
SentinelOne (Static ML) static engine - malicious 20171019
Sophos AV Mal/Rimecud-D 20171023
Symantec W32.Yimfoca 20171023
Tencent Win32.Trojan.Generic.Pikt 20171023
TheHacker Trojan/SdBot 20171017
TotalDefense Win32/Pushbot.ABX 20171023
TrendMicro TROJ_SLENFBOT.SM 20171023
TrendMicro-HouseCall TROJ_SLENFBOT.SM 20171023
VBA32 Malware-Cryptor.Inject.gen 20171023
VIPRE Trojan.Win32.Generic.pak!cobra 20171023
Webroot Worm:Win32/Slenfbot.AKD 20171023
Yandex Worm.Yahos!njqAYmK1RQI 20171021
Zillya Worm.Yahos.Win32.267 20171021
ZoneAlarm by Check Point HEUR:Trojan.Win32.Generic 20171023
Alibaba 20170911
Avast-Mobile 20171023
Bkav 20171023
ClamAV 20171023
CMC 20171023
CrowdStrike Falcon (ML) 20171016
Cyren 20171023
F-Prot 20171023
Fortinet 20171023
Kingsoft 20171023
Microsoft 20171023
SUPERAntiSpyware 20171023
Symantec Mobile Insight 20171011
Trustlook 20171023
ViRobot 20171023
WhiteArmor 20171016
Zoner 20171023
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-02-01 19:14:55
Entry Point 0x00002444
Number of sections 4
PE sections
PE imports
GetLastError
InitializeCriticalSection
HeapFree
GetStdHandle
EnterCriticalSection
GetConsoleOutputCP
SetHandleCount
GetModuleFileNameW
GetConsoleCP
HeapDestroy
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetOEMCP
GetEnvironmentStringsW
GetVersionExA
LoadLibraryA
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
LoadLibraryExA
GetEnvironmentStrings
GetConsoleMode
GetLocaleInfoA
GetCurrentProcessId
LCMapStringW
WriteConsoleW
GetCPInfo
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
HeapSize
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetStringTypeA
DebugBreak
GetProcessHeap
SetStdHandle
SetFilePointer
RaiseException
WideCharToMultiByte
TlsFree
GetModuleHandleA
FlushFileBuffers
SetUnhandledExceptionFilter
WriteFile
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
GetACP
HeapReAlloc
GetStringTypeW
FreeLibrary
TerminateProcess
LCMapStringA
WriteConsoleA
IsValidCodePage
HeapCreate
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
GetTickCount
TlsSetValue
CreateFileA
HeapAlloc
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
SetLastError
InterlockedIncrement
wsprintfA
Number of PE resources by type
RT_ICON 1
RT_DIALOG 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 3
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2011:02:01 20:14:55+01:00
FileType Win32 EXE
PEType PE32
CodeSize 40960
LinkerVersion 8.0
FileTypeExtension exe
InitializedDataSize 65536
SubsystemVersion 4.0
EntryPoint 0x2444
OSVersion 4.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 4dff8349a71669c0fcd751253f1c1157
SHA1 995baf84cbbf6d565ffc3b0e9d5f32fd0c322133
SHA256 7d9158cd20cf674faba3a36d61238ed2e211ac56edec9d716308759c339dc03c
ssdeep 1536:e22rwHtGfIN9HQKnrOgtj4kRk0zxHWb1cmdJGbkxtvwY1WsQOWUEHti4OMMMMMMg:9HlQ09HW7DwOWUEHtiTMMMMMMMMM
authentihash cf4e073c4be5a135984bd838a0568220d1b887a0e0b1d7f569394f0ee038728f
imphash 3d9ca520519dfa7d118cef985c8f0065
File size 100.0 KB ( 102400 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (52.5%)
Windows screen saver (22.0%)
Win32 Dynamic Link Library (generic) (11.0%)
Win32 Executable (generic) (7.5%)
Generic Win/DOS Executable (3.3%)
Tags peexe
VirusTotal metadata
First submission 2011-02-01 19:47:52 UTC ( 8 years, 3 months ago )
Last submission 2015-11-06 06:32:44 UTC ( 3 years, 6 months ago )
File names aa
4dff8349a71669c0fcd751253f1c1157.exe
4dff8349a71669c0fcd751253f1c1157995baf84cbbf6d565ffc3b0e9d5f32fd0c322133102400.exe
8Ux6.zip
y_UIB5.xltm
4dff8349a71669c0fcd751253f1c1157
facebook-pic000934519.exe
5bd0bca93c41b3550cbf2ca31fe0c613
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
